There’s an interesting post over on Symantec’s blog about a shift noted in the behavior of the Kelihos botnet in recent days.
According to Symantec, Kelihos operators have turned their attention to Apple customers, launching a phishing email campaign aimed at Apple iCloud users and Apple ID’s and passwords.
According to the post, Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store.
Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The body of the phishing email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and claims the address is located in Volgograd, Russia.
Apple users alarmed by that disclosure are urged to “check their Apple ID” and given an accompanying link – which redirects the user to the Apple phishing page and harvests the users credentials.
The recent hack of A-list celebrities revealed the extent to which Apple’s iCloud has become a repository of loads of personal data either directly, in the form of photos and email, or indirectly: buried in iPhone and iPad backups.
[Read more Security Ledger coverage of the celebrity hacking scandal here.]
Basic anti-phishing measures should protect most users from this. Namely: don’t click links that are pushed at you in e-mail messages, even if those messages and the links look “official.” In fact: beware of any or all unsolicited messages encouraging you to visit a web site or enter user credentials!
You can read more via Apple IDs targeted by Kelihos botnet phishing campaign | Symantec Connect.